
Virtual Lab Setup

Hi all, new to the forums, not to Backtrack, and wanted to share some experiments with running virtual labs for practice. I have tried a few. I'll list them from the el cheapo to some elite setups. All lab setups listed will use some sort of virtualization hypervisor/application, as it saves tremendous amounts of time when "resetting" the labs or tweaking the lab machines in any way.

Lab setup A: El Cheapo

Any machine that can run VirtualBox (free). I used to use a Macbook Pro I had, 8GB RAM, i7 processor.

IDS/Firewall = pfSense with the Snort plugin, default Snort rules (you need to at least register with www.snort.org to obtain some constantly updated default rules), some well-known ports open depending on how you want to set up the lab. I like to have a DMZ to simulate a close-to-real enterprise environment.

FIREWALL = m0n0wall works well if you want to change it up: deploy a DMZ with pfSense and use m0n0wall as a different firewall guarding the "internal" network of your lab.

The more physical memory you have on a system, the more you can put into this setup. There are a ton of great tutorials on how to set this up in VirtualBox with multiple virtual NICs, VLANs, etc.

Attacker machine: BT5 R2 or R3, or if you still love BT4, go for it...

Lab setup B: A little more time consuming, but can still be free for the most part. This is my current lab environment, or close to it, as I'm not done setting it up.

Computer hardware: Macbook Pro (this is what I have available; it will work with other hardware, obviously), 16GB RAM, i7 processor (I think mine's 2.4GHz). I also replaced my optical drive with a second 1TB HDD (see http://macsales.com for instructions and hardware).

FIREWALL/IDS: pfSense with 3 NICs. 1st for WAN (this will be connected to your physical NIC, set to either host-only mode or NAT (updates only)). 2nd NIC for LAN (no physical NIC; its sole purpose is to connect the other clients within ESXi). 3rd for DMZ if so desired (again, no physical NIC).

OPTION 1: WINDOWS - Requires a subscription to TechNet ($199/yr) for software license(s), but gives you a TON of different software types/versions to download. $199 is the cheapest tier and does not include enterprise products (still, you can do quite a bit with what you are allowed to obtain).

Clients: Be creative! Set up a fully operational virtual domain with Active Directory, DNS servers, an IIS web server serving several vulnerable web applications, a SQL Server or a SQL Server cluster; make it as real as possible with XP clients or Windows 7 clients, and by all means throw some Linux distros in there with holes in them too.

OPTION 2: LINUX - Same as above: deploy a full Linux enterprise type of network, complete with a directory server, DNS servers, a web server and a DB server, along with some vulnerable clients. Be creative! And by all means, learn!

I'm currently working through this setup myself. It does go a bit slower if you are still learning/have never set up some of the operating systems or features from an admin point of view, but the learning you get from doing all of this is incredible.

Lab machines: Go nuts. Windows servers, Linux servers, multiple network segments; again, the key here is to learn as much as possible, and some of us are required to do remediation too! This is a great way to dig into that side of things too, OR the forensic side. I would also recommend downloading some vulnerable applications from www.exploit-db.com and putting those on random machines. Have your friends test their skills on your lab, and have them deploy some machines and test you as well.

Obviously this isn't the cheap option, but it is a good option, in my opinion. To add to the challenge, you can then also use wireless APs for wireless testing as a vector into the network.

Post your thoughts, and as I get Lab 2 set up completely, I'll share some of the vulnerable Linux distros or VMs I create as time allows. I'm still setting up lab setup 2 and plan to use a mix of Windows and Linux until such time as I can set up lab setup 3 and introduce the wireless attacks into the mix.
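An added example, not part of the original post, of wiring up the pfSense/LAN/DMZ segmentation described above in VirtualBox from the command line (the free "Lab setup A" route rather than ESXi). pfSense gets one NAT adapter for WAN and two internal-network adapters for LAN and DMZ; every other VM gets exactly one internal-network adapter, so its only path out is through the firewall and Snort. It assumes VBoxManage is on PATH; the VM names (pfsense, dc01, web01, attacker), OS types, memory sizes and internal network names are made up for the example, and install media and disks still have to be attached afterwards.

```shell
# Added example (not from the original post): three-segment lab topology in VirtualBox.
# pfSense: nic1 = NAT (WAN, updates only), nic2 = intnet "lab-lan", nic3 = intnet "lab-dmz".
# Clients: a single NIC on lab-lan or lab-dmz, never bridged, so pfSense sees all traffic.
# VM names, OS types, memory sizes and network names are assumptions for the example.
set -eu

LAN_NET="lab-lan"
DMZ_NET="lab-dmz"
VBOX="${VBOX:-VBoxManage}"

# Run the command, or just print it when DRY_RUN=1 so the plan can be reviewed first.
run_or_echo() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# create_vm NAME OSTYPE MEM_MB: register an empty VM that boots the installer DVD first.
create_vm() {
  run_or_echo "$VBOX" createvm --name "$1" --ostype "$2" --register
  run_or_echo "$VBOX" modifyvm "$1" --memory "$3" --boot1 dvd --boot2 disk
}

# firewall_nics NAME: WAN on NAT, LAN and DMZ on host-isolated internal networks.
# Promiscuous mode on the inside NICs lets the Snort package see every frame on the segment.
firewall_nics() {
  run_or_echo "$VBOX" modifyvm "$1" --nic1 nat \
    --nic2 intnet --intnet2 "$LAN_NET" --nicpromisc2 allow-all \
    --nic3 intnet --intnet3 "$DMZ_NET" --nicpromisc3 allow-all
}

# client_nic NAME lan|dmz: one adapter only; a NAT or bridged adapter here would bypass the firewall.
client_nic() {
  case "$2" in
    lan) net="$LAN_NET" ;;
    dmz) net="$DMZ_NET" ;;
    *) echo "client_nic: segment must be lan or dmz, got '$2'" >&2; return 1 ;;
  esac
  run_or_echo "$VBOX" modifyvm "$1" --nic1 intnet --intnet1 "$net"
}

# build_lab: firewall, a domain controller and the attacker on the LAN, a web server in the DMZ.
build_lab() {
  create_vm pfsense FreeBSD_64 1024
  firewall_nics pfsense
  create_vm dc01 Windows2008_64 2048
  client_nic dc01 lan
  create_vm web01 Ubuntu_64 1024
  client_nic web01 dmz
  create_vm attacker Ubuntu_64 2048
  client_nic attacker lan
}

# Only act when VirtualBox is actually installed or we are just printing the plan.
if [ "${DRY_RUN:-0}" = "1" ] || command -v "$VBOX" >/dev/null 2>&1; then
  build_lab
fi
```

Run it once with DRY_RUN=1 to review the VBoxManage commands before anything is created. Keep the WAN adapter on NAT rather than bridged so the deliberately vulnerable machines never sit on a real network; attach the pfSense and client install media afterwards and do the interface assignment (WAN/LAN/OPT1 for the DMZ) in the pfSense installer.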